Automation of compliance status and evidence collection can be tricky and misleading. Nevertheless, we can figure out a reasonable UX where this acts as a "helper", and a plugin architecture and system to pull data and match specific applied controls.
If properly exposed on their API, we can experiment with Wazuh to get a first level on the SIEM and XDR parts. Prowler seems like a reasonable option as well for some of the controls.
One of the challenges is that most tools will give only partial information and eventually overlap and conflict, so we need to stick to the "helper" approach and not set this on behalf of the auditor, given the bad previous experience on controls automation that the community reported.